[maemo-users] Firewalls was [Re: Battery Benchmarking?]

From: Gavin O' Gorman gavin.ogorman at gmail.com
Date: Sun Jan 14 17:48:54 EET 2007

On 1/13/07, Scott G Kelly <scott at hyperthought.com> wrote:

> the 770 dev environment and see what I can do about this. If anyone else
> here is working on firewall-related stuff for the 770 (or n800) let me
> know so we can coordinate our efforts.
> Scott

I don't think that a firewall for the 770 is particularly needed. The
only services I can think of that may be run at the moment on the average
770 user would be the Canola webserver and I believe that this can be
limited to the loopback interface?

More advanced users probably run an SSH server as well. SSH can be
secured by using keys instead of passwords. The very nature of the
device also limits the time period an effective dictionary attack
could be mounted for.

Regarding client software ports, and attacks against TCP sessions that
_are already active_, I can't imagine that a firewall would make the
slightest bit of difference should a person hijack a connection that
is already present using a MitM attack with TCP spoofing. The
connection itself is already valid, thus the firewall will have no
reason to detect anything out of the ordinary.

On a machine that runs no services, the only thing a firewall is
useful for is monitoring the outgoing connection attempts from various
applications. Should connection attempts be made from applications not
authorised, these can be detected and stopped. This is not a
configuration I have often come across on Linux machines, because the
problem of such trojans and viruses tends to be more Windows based.

I would argue that enabling a firewall would have more negative
effects in terms of battery usage than realistic security
enhancements. However, I also wouldn't imagine there is much work to
be done to port iptables, or the current equivalent, given that it is
in the Linux kernel by default?
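
The argument above turns on which services are listening and whether they are bound to loopback. As an added example that is not part of the original message, this sketch parses a /proc/net/tcp table and reports TCP listeners that are not bound to loopback; the sample rows and port numbers are constructed, and a little-endian host is assumed.

```python
import ipaddress
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real device):
# a web server on loopback, sshd on all interfaces, one established SSH session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202 1 0 100 0 0 10 0
   2: 0A01A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1203 1 0 100 0 0 10 0
"""

TCP_LISTEN = 0x0A  # socket state code the kernel prints for listening sockets


def decode_ipv4(hex_addr):
    # Assumption: little-endian host, where 127.0.0.1 is printed as 0100007F.
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def listening_sockets(table_text):
    """Return (ip, port) for every row in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        found.append((decode_ipv4(addr_hex), int(port_hex, 16)))
    return found


def exposed_listeners(table_text):
    """Listeners reachable from the network, i.e. not bound to loopback."""
    return [(ip, port) for ip, port in listening_sockets(table_text)
            if not ipaddress.ip_address(ip).is_loopback]


if __name__ == "__main__":
    # On a Linux device, pass open("/proc/net/tcp").read() instead of the sample.
    for ip, port in exposed_listeners(SAMPLE_PROC_NET_TCP):
        print(f"reachable from the network: {ip}:{port}")
```

IPv6 listeners are listed separately in /proc/net/tcp6 and are not covered by this sketch.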

